Hi WG/Authors,

As mentioned and motivated by the authors, since the draft is only 4 pages, I took the liberty to read it while at the WG.

I have a few comments:

When comparing this version with the original version 00, quite a lot of text got removed, and I wonder what's left to "action on"?! Unless reading this draft also means going into the WG archive and reading everything from v00 up to here that led to 4 pages only? Comparing ver00 to the last version, what happened?!
https://author-tools.ietf.org/iddiff?url1=draft-ietf-grow-bgpopsecupd-00&url2=draft-ietf-grow-bgpopsecupd-08&difftype=--html

*Questions*:

1- For session protection, there is no mention of MD5 (RFC 2385), TCP-AO (RFC 5925), BGP TTL Security Mechanism (RFC 5082/GTSM) or IPsec/TLS for multi-hop.
--> Operators still rely on these to defeat spoofing and reset attacks.

2- No advice on route-flap damping, RTBH/F-RTBH, flowspec, or telemetry hooks.
--> Security without observability feels incomplete.

*Just a suggestion here:*

Add bullets:
- "Use TCP-AO (RFC 5925) or at least TCP-MD5 (RFC 2385) where supported";
- "For single-hop EBGP sessions deploy GTSM (RFC 5082)";
- "Protect multi-hop sessions with IPsec or TLS + BGP-over-TCP/QUIC when feasible."
--> Restores actionable guidance dropped from RFC 7454 while keeping it technology-agnostic. Could this help?

Thanks,
Dan
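Added example, not part of Dan's message or of the draft: the TCP-MD5 signature option (RFC 2385) that the first suggested bullet refers to, computed and verified on a BGP KEEPALIVE segment. The addresses, ports, key and segment are constructed for the example.

```python
"""Build and verify the TCP MD5 Signature Option (RFC 2385) on a BGP
KEEPALIVE segment. Addresses, ports and key below are constructed."""
import hashlib
import hmac
import socket
import struct

MD5_OPT_KIND, MD5_OPT_LEN = 19, 18   # option kind 19: kind, len, 16-byte digest


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """RFC 2385 s2.0: MD5(pseudo-header || option-less TCP header with checksum
    zeroed || segment data || key). The pseudo-header length covers options
    and data even though the option bytes themselves are not hashed."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(tcp_header) + len(payload)))
    fixed = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    return hashlib.md5(pseudo + fixed + payload + key).digest()


def build_signed_segment(src_ip, dst_ip, sport, dport, seq, ack, payload, key):
    """TCP segment (PSH/ACK) carrying the signature; 18 option bytes + 2 NOPs
    pad the option area to a 4-byte boundary, so the data offset is 10 words."""
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 10 << 4, 0x18, 65535, 0, 0)
    digest = tcp_md5_digest(src_ip, dst_ip, fixed + b"\x00" * 20, payload, key)
    options = struct.pack("!BB", MD5_OPT_KIND, MD5_OPT_LEN) + digest + b"\x01\x01"
    return fixed + options + payload


def verify_signed_segment(src_ip, dst_ip, segment, key):
    """Receiver side: locate option kind 19 and compare it in constant time with
    a recomputed digest. A segment with no or a wrong signature is rejected,
    which is what stops spoofed resets from tearing down the session."""
    hdr_len = (segment[12] >> 4) * 4
    header, payload = segment[:hdr_len], segment[hdr_len:]
    opts, i, received = segment[20:hdr_len], 0, None
    while i < len(opts) and opts[i] != 0:          # kind 0 ends the option list
        if opts[i] == 1:                            # NOP carries no length byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:   # malformed option: reject
            return False
        if opts[i] == MD5_OPT_KIND and opts[i + 1] == MD5_OPT_LEN:
            received = opts[i + 2:i + MD5_OPT_LEN]
        i += opts[i + 1]
    if received is None:
        return False
    return hmac.compare_digest(received, tcp_md5_digest(src_ip, dst_ip, header, payload, key))


# Constructed sample: BGP KEEPALIVE (16-byte all-ones marker, length 19, type 4)
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
SRC, DST, KEY = "192.0.2.1", "198.51.100.2", b"constructed-session-key"
SIGNED = build_signed_segment(SRC, DST, 179, 35000, 1000, 2000, KEEPALIVE, KEY)
```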
